Warezov.DC (F-Secure) uploaded.


I've uploaded Warezov.DC (name according to F-Secure); this variant just got spammed this night.

MD5SUM: 83e00e3c95e51bb700a5380acdf9b2c3
SHA1SUM: ab471ad131a3590ba835ab622f4b9bc9f44685d3
SHA256SUM: 17d9827ed2aca3824f0f1916fc1d0048a2e70f1f109f518e2e23d90b826b2701

It tries to download a few files and execute them on the system; just like the rest of this downloader family, it is trojans it downloads.

another variant

Another variant added; it basically does the same thing, though it downloads from other URLs.

MD5SUM: 3a8e62630833f68fcd0edfbf39f3e688
SHA1SUM: a69e68df1ddb606ba44f456f9229a919d284ba28
SHA256SUM: 3676566a43fa9542d45295015379869907744c62b32c15d56596253636a05c44

and another

Just found another variant; this one had a couple of files, though:
nt.exe - UPX 2.00 packed
lt.exe - UPX 2.00 packed
s.exe - not packed

I'll submit them in a minute, but thought the hashes might help.

MD5 (lt.exe) = 3e77eab66e28a6d2986affa67748e553
MD5 (nt.exe) = 6eb688e747e381899a23dff8949c0113
MD5 (s.exe) = e452fc24ef54264d684d4616b190298e
SHA1 (lt.exe) = 30f2f17d3659928a99980061ad3e12686537c089
SHA1 (nt.exe) = 6aca796804685af59f2826b8001f0c2b78a84a2f
SHA1 (s.exe) = 17a8f4f35e8b8b0925ccbf105dc59efb075d0c32

Where can I get the file?

Enter the MD5 sum into the Malware Search on the left side of the page.